I am running a FBSD 7 firewall @ home connected to a DSL line which I share with my wife.

One of the main problems that I have encountered is that when my wife surfs the internet my online gaming screeches to a halt until the page has loaded, and by that time I've been pwned.

I was thinking about using ALTQ to prioritize the traffic, and after checking out Daniel Hartmeier's page on "Prioritizing empty TCP ACKs" (http://www.benzedrine.cx/ackpri.html) I came up with a variation of his rule set.

1) 'modulate state' is for outbound tcp only, all others use 'keep state' (ignoring 'synproxy state' for special cases)
2) 'flags S/SA' is for tcp only
3) queueing for TCP acks should only be done on incoming tcp (you will be sending out TCP acks on those, so prioritising takes place there); in other words: rules for incoming tcp are the only ones with 'double queues' like '(q_def, q_pri)' in priq or 'queue(something, acks)' in cbq scheduling - wrong, see below
4) you are encouraged to write your rules in order of preferred processing and use the 'quick' keyword wherever possible; work from specific to general, and start with a general block all rule.

Yes, you can specify a range of ports using a macro. Use pfctl -s rules to see the expanded ruleset after loading them.

Also, when I implement the rule set and use pfctl -s rules the macro is not expanded?

# pfctl -sr
pass out on tun0 inet proto tcp from 196.2.19.32 to any flags S/SA keep state queue(q_def, q_pri)
pass in on tun0 inet proto tcp from any to 196.2.19.32 flags S/SA keep state queue(q_def, q_pri)
pass out quick on tun0 inet proto udp from 196.2.19.32 to any port 28960:29000 keep state queue q_cod
pass in quick on tun0 inet proto udp from any to 196.2.19.32 port 28960:29000 keep state queue q_cod

Yeah, I may be making a slight 'thinking error' there, because, at first sight, outgoing TCP acks are only caused by incoming TCP packets, so it would only be necessary to associate the TCP ack queue with incoming tcp connection rules.

But, of course, when making an outbound tcp connection (like an interactive ssh session), you will have to reply to return traffic with acks as well, and those are also outbound TCP acks.

So yes, put those double queues on the inbound and outbound tcp rules.
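A pf.conf fragment that pulls the points of this thread together, as an added example that is not taken from any poster's actual configuration. The interface tun0, the queue names and the port range come from the posts above; the macro names ext_if and game_ports and the 400Kb bandwidth figure are assumptions, and NAT plus the internal-interface rules are left out.

```conf
# --- macros (names are assumptions, values are from the thread) ---
ext_if     = "tun0"
game_ports = "28960:29000"      # range macro; pfctl -sr prints it expanded

# --- ALTQ: strict priority queueing on the DSL uplink ---
# 400Kb is a constructed figure: set it slightly below the real upstream
# rate so the queue builds here and not in the DSL modem.
altq on $ext_if priq bandwidth 400Kb queue { q_pri, q_cod, q_def }
queue q_pri priority 7                  # empty TCP ACKs / lowdelay packets
queue q_cod priority 6                  # game UDP traffic
queue q_def priority 1 priq(default)    # everything else (web browsing)

# --- filter rules: general block first, then specific to general ---
block all

# Game traffic: most specific, so 'quick' stops evaluation here.
pass out quick on $ext_if inet proto udp from ($ext_if) to any \
        port $game_ports keep state queue q_cod
pass in  quick on $ext_if inet proto udp from any to ($ext_if) \
        port $game_ports keep state queue q_cod

# TCP: 'flags S/SA' applies to tcp only. The two-queue form sends bulk
# data to q_def and empty ACKs to q_pri. It is needed in both directions
# because ACKs leave the box for inbound and outbound connections alike.
# 'modulate state' is used on the outbound tcp rule only.
pass out on $ext_if inet proto tcp from ($ext_if) to any \
        flags S/SA modulate state queue (q_def, q_pri)

# As in the thread, this admits TCP to every port on the firewall.
# Add 'port { ... }' listing only the services actually offered.
pass in  on $ext_if inet proto tcp from any to ($ext_if) \
        flags S/SA keep state queue (q_def, q_pri)
```

Parse the file with pfctl -nf before loading it, and watch pfctl -vsq while browsing and gaming at the same time to confirm that packets land in q_pri and q_cod.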
